commit f3ee4dd59103ea4fea5c70e57f312387aecf039e from: Aleksey Ryndin date: Wed Sep 11 07:53:51 2024 UTC Add: VGI_CERT_HASH environment variable commit - ce5f27d25b61a206ccde7c6445c07f9c5df5fe5e commit + f3ee4dd59103ea4fea5c70e57f312387aecf039e blob - d2bc835e651af1b18c62dcc3db72d079c2190025 blob + 460466672fb912f5a7aaee0674d38463e3d0f906 --- vgi.sh +++ vgi.sh @@ -1,10 +1,24 @@ #!/bin/sh -# Answer header: -echo "20 text/gemini\r" +URL=$(cat -) +URL_TAIL=$(echo $URL | awk -F "/" '{print $NF}') -# Answer body: +if [ "$URL_TAIL" = "auth" ]; then + if [ -z "${VGI_CERT_HASH}" ]; then + echo "60 Certificate required\r" + exit + fi + + echo "20 text/gemini\r" + echo "# VGI demo (authenticated)\r" + echo "\`\`\`\r" + echo "VGI_CERT_HASH=$VGI_CERT_HASH\r" + echo "\`\`\`\r" + exit +fi + +echo "20 text/gemini\r" echo "# VGI demo\r" echo "\r" echo "Requested URL: \r" -echo "=> $(cat -)" +echo "=> $URL" blob - b426f6fd9af1562f45254604f36bbd2381d63f67 blob + 6d162f2bc840222a2c618fb6cdb8e31ee55c57d1 --- vostok/vostok.cc +++ vostok/vostok.cc @@ -16,7 +16,9 @@ #include #include +extern "C" char **environ; + namespace vostok { namespace @@ -37,6 +39,7 @@ const std::string ROOT{"/"}; const std::string g_index_gmi{"index.gmi"}; const auto ERROR42_ANSWER = cut_null("42 Temporary failure\r\n"); +const std::string VGI_ENV_PREFIX{"VGI_"}; struct ProcessRequestContext 
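Review bot: `$URL` is expanded unquoted in the added `echo $URL | awk -F "/" '{print $NF}'` line of vgi.sh, so a request containing whitespace or glob characters is word-split and pathname-expanded in the script's working directory before the tail is compared with `auth`. The URL is read from the client request, so it should stay quoted, or the pipeline can be dropped entirely with `URL_TAIL=${URL##*/}`. The final `echo "=> $URL"` is quoted, but the script relies on an `echo` that interprets backslash escapes (the `\r` lines), and that same `echo` will interpret backslashes inside the URL; `printf '=> %s\n' "$URL"` prints it literally.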
@@ -82,9 +85,20 @@ process_gateway_request( const ProcessRequestContext &context ) { - czstring client_cert_hash = tls_peer_cert_hash(accepted_client.get_ctx()); - error::g_log << "tls_peer_cert_provided(...)=" << tls_peer_cert_provided(accepted_client.get_ctx()) << std::endl; - error::g_log << "tls_peer_cert_hash(...)=" << (client_cert_hash ? client_cert_hash : "(nullptr)") << std::endl; + std::string env_cert_hash; + std::vector child_envp; + for (auto env = environ; *env; ++env) + { + if (strncmp(VGI_ENV_PREFIX.c_str(), *env, VGI_ENV_PREFIX.size())) + child_envp.push_back(*env); + } + if (tls_peer_cert_provided(accepted_client.get_ctx())) + { + env_cert_hash = "VGI_CERT_HASH="; + env_cert_hash += tls_peer_cert_hash(accepted_client.get_ctx()); + child_envp.push_back(env_cert_hash.c_str()); + } + child_envp.push_back(nullptr); int stdin_pair[2]; if (pipe(stdin_pair) != 0) @@ -134,7 +148,7 @@ process_gateway_request( stdout_read.reset(); stdout_write.reset(); - execl(context.vgi_command, context.vgi_command, nullptr); + execle(context.vgi_command, context.vgi_command, nullptr, child_envp.data()); // if `execl` return, an error has occurred write(STDOUT_FILENO, ERROR42_ANSWER.data(), ERROR42_ANSWER.size());
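Review bot: The return value of `tls_peer_cert_hash(...)` is appended to `env_cert_hash` without a null check, and appending a null `const char *` to a `std::string` is undefined behaviour; the removed logging lines did guard for `nullptr`. `tls_peer_cert_provided()` being true presumably makes a null hash unlikely, but it is safer to test the pointer itself: `if (czstring hash = tls_peer_cert_hash(accepted_client.get_ctx())) { env_cert_hash = std::string{"VGI_CERT_HASH="} + hash; child_envp.push_back(env_cert_hash.c_str()); }`. Separately, the filter loop drops inherited `VGI_*` entries, which keeps a value set in the server's own environment from being mistaken for a client hash, but it forwards every other server variable to the gateway program; an explicit allowlist would keep server-side secrets out of the child. `process_gateway_request` starts before and continues past this hunk.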
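Review bot: The comment under the changed call still names `execl`, although the call is now `execle`; it should say that `execle` returning means an error occurred. A short comment at the call, such as `// child_envp: parent environment minus VGI_*, plus VGI_CERT_HASH when a client certificate was presented`, would document what the gateway program can rely on. The surrounding child branch begins and ends outside this hunk.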